From mboxrd@z Thu Jan  1 00:00:00 1970
From: Rich Persaud <rich.p@xensource.com>
Subject: Re: severe security issue on dom0/xend/xm/non-root	users
Date: Fri, 04 Mar 2005 14:19:47 -0500
Message-ID: <4228B4D3.8020909@xensource.com>
References: <Pine.LNX.4.58.0503041118010.13626@gradall.private.brainfood.com> <1109962904.2746.12.camel@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
In-Reply-To: <1109962904.2746.12.camel@localhost>
Sender: xen-devel-admin@lists.sourceforge.net
Errors-To: xen-devel-admin@lists.sourceforge.net
List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.sourceforge.net>
List-Help: <mailto:xen-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.sourceforge.net?subject=subscribe>
List-Archive: <http://sourceforge.net/mailarchive/forum.php?forum=xen-devel>
To: Anthony Liguori <aliguori@us.ibm.com>
Cc: Adam Heath <doogie@brainfood.com>, xen-devel@lists.sourceforge.net, Bastian Blank <waldi@debian.org>
List-Id: xen-devel@lists.xenproject.org

Anthony Liguori wrote:

>Xend is not designed to provide any sort of security protection out of
>the box.  It assumes that you're running on a trusted network.  Just
>assume that any person that can ping dom0 has root access to your
>system.
>  
>
How about the config option that restricts Xend to listening only on the 
loopback network interface?

Rich


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click